Re: HP announcing some International Cryptography stuff on Monday
At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
It sounds ominous to me. Another backroom deal, probably for some form of key recovery strategy, aka GAK.
I'd bet GAK too. RSADSI has been working on GAK protocols, so these ones might actually work. I feel as pessimistic about this one as Lucky usually is. At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
Are they the next Big Company to knuckle under to the Feds? Their pcmcia-with-local-country-surveillance-chip-socket initiative never seemed to go anywhere.
Since I am inherently optimistic, one ray of light may be that the San Jose Mercury News was mentioning the ability to export the system, and then when the necessary licenses (US and foreign) were obtained, turn on the encryption. I guess from this that the encryption is in hardware. Now, software/hardware interfaces are usually fairly simple, so what we have here is a software system with a crypto hook. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz@netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA
At 6:44 PM -0800 11/17/96, Lucky Green wrote:
I have a hard time believing that Netscape caved. As I wrote in July, HP was working on selling our children's birthright to obtain an export license for their product. But Netscape participating in this just doesn't sound right.
Indeed, some comments from the usually-vocal Weinstein brothers would be most welcome. (I presume they "won't comment on rumors." After Monday's announcement, I hope we'll hear from the various Netscape people who have commented in the past.) If Netscape is part of this sorry situation, it will mean that Jim Clarke's expression of support for GAK a year ago was the _real_ story, with the "we won't cave" noises just a pacifier. By the way, Netscape once promised that their new corporate position was this: that if the U.S. government insisted on a crippled version for export, the domestic version would not be crippled at all. I for one don't think that having the same smartcard, but with different permissions or approval processes, constitutes having the U.S. version be "uncrippled." (Why? Because if Netscape and others widely deploy the H-P/Intel GAK product, the government could decide any time they want to tighten licensing for U.S. users, for felons, etc.) --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Sun, 17 Nov 1996, Bill Frantz wrote:
At 12:49 PM 11/15/96 -0800, Timothy C. May wrote:
It sounds ominous to me. Another backroom deal, probably for some form of key recovery strategy, aka GAK.
I'd bet GAK too. RSADSI has been working on GAK protocols, so these ones might actually work. I feel as pessimistic about this one as Lucky usually is.
I have a hard time believing that Netscape caved. As I wrote in July, HP was working on selling our children's birthright to obtain an export license for their product. But Netscape participating in this just doesn't sound right.
Since I am inherently optimistic, one ray of light may be that the San Jose Mercury News was mentioning the ability to export the system, and then when the necessary licenses (US and foreign) were obtained, turn on the encryption. I guess from this that the encryption is in hardware. Now, software/hardware interfaces are usually fairly simple, so what we have here is a software system with a crypto hook.
One possibility is that all crypto is done in hardware. The recent announcements by many hardware manufacturers that smartcard readers will be included in all their products (MS will put them into their keyboards) might get the necessary infrastructure deployed. Of course, no crypto will work without the hardware token. The applications use signed code. Hardware tokens are only valid for a certain time. Making future mandatory upgrades to Fortezza, etc. a cinch. --Lucky
On Sun, 17 Nov 1996, Lucky Green wrote:
One possibility is that all crypto is done in hardware. The recent announcements by many hardware manufacturers that smartcard readers will be included in all their products (MS will put them into their keyboards) might get the necessary infrastructure deployed.
Of course, no crypto will work without the hardware token. The applications use signed code. Hardware tokens are only valid for a certain time. Making future mandatory upgrades to Fortezza, etc. a cinch.
--Lucky
Ok... I want everybody to go buy a box of diskettes, and put copies of PGP on them. Then we'll save our boxes of PGP for when everything but GAK is illegal, and the thought police are stealing hard drives. BTW, I really like that thermite on the HD thing. A possibly better idea could be something that eats the platters.... little container of nitric acid. Anyway.. that's off topic. If I'm understanding correctly, In the year 2000 (whatever) when we use crypt(3) it's just a call to the NSAcryptoGAK chip on the board. and that's supposed to be good enough for everyone. What's next? A processor that detects an unGAK'd software crypto program running and phones the NSA or whoever? One more thing... what's this about MD5 being broken... references, webpages, whatever would be nice. -- Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls http://www.ualberta.ca/~ckuethe/ http://www.dcs.ex.ac.uk/~aba/rsa/ RSA in 2 lines of PERL print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Timothy C. May wrote:
At 6:44 PM -0800 11/17/96, Lucky Green wrote:
I have a hard time believing that Netscape caved. As I wrote in July, HP was working on selling our children's birthright to obtain an export license for their product. But Netscape participating in this just doesn't sound right.
Indeed, some comments from the usually-vocal Weinstein brothers would be most welcome.
Our position on hardware crypto is that if it has a PKCS#11 interface, we'll probably support it. To the best of my knowledge, we aren't endorsing the HP scheme in particular. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
-----BEGIN PGP SIGNED MESSAGE----- frantz@netcom.com (Bill Frantz) writes:
At 12:05 PM 11/15/96 -0800, John Gilmore wrote:
Are they the next Big Company to knuckle under to the Feds? Their pcmcia-with-local-country-surveillance-chip-socket initiative never seemed to go anywhere.
Since I am inherently optimistic, one ray of light may be that the San Jose Mercury News was mentioning the ability to export the system, and then when the necessary licenses (US and foreign) were obtained, turn on the encryption. I guess from this that the encryption is in hardware. Now, software/hardware interfaces are usually fairly simple, so what we have here is a software system with a crypto hook.
So what if the "license" is really the key? Sure, it would be possible to generate your own kwys, but it's possible to export strong crypto. Large commercial interests tend not to want to run afoul of the USG. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMo/v6skz/YzIV3P5AQG6RwMAleccaFPQO1R4iJbAV/wXj3dF41L8c/5f pS8meubkoHfxuoywGwXiEyXKL1exzDNFE83L7E5jEHH8XR+gBZEpbV57zt4Ggyyr eV2DUXWSPmFhO8Pl+BohDYadjY4oFkvQ =YZut -----END PGP SIGNATURE-----
participants (6)
-
C Kuethe -
frantz@netcom.com -
Jeremiah A Blatz -
Lucky Green -
Timothy C. May -
Tom Weinstein